I got this setup working now. Thanks to Tony Finch, Christian Balzer,
and Dennis Davis for steering me in the right direction!
I abandoned the idea of creating a unique envelope-from for each
outgoing message; it conflicts with most greylisting implementations.
Instead, I set "return_path" to:
    <sender>=<receiver>=<receiver.domain>=<hmac/md5 signature>@<sender.domain>
For instance:
    tor=exim-users=exim.org=c4e8175bf517c0a772ae9cd7c3271ac2@???
This, although signed, stays constant for each sender/receiver pair,
and so works well with greylisting.
Some config snippets:

ACL:

    acl_check_rcpt:
      .....
      # If there is no sender address, deny recipient addresses that
      # do not match envelope sender addresses previously generated here.
      #
      deny
        message   = You must provide a sender address unless you are \
                    returning mail that was previously sent from here. \
                    This recipient address lacks the cryptographic signature \
                    we use in the envelope sender address of outgoing mail. \n\
                    You are responding to a faked sender address.
        senders   = :
        domains   = +local_domains
        condition = ${if and {{match{$local_part}{^(.*)=.*}}\
                    {eq{$local_part}{$1=${hmac{md5}{SECRET}{$1}}}}}\
                    {false}{true}}

Routers:

    smarthost_hash:
      debug_print = "R: smarthost_hash for $local_part@$domain"
      driver = manualroute
      domains = ! +local_domains : !+relay_to_domains
      transport = remote_smtp_hash
      route_list = * DCsmarthost
      host_find_failed = defer
      same_domain_copy_routing = yes
      no_more

    hashed_local:
      debug_print = "R: hashed_local for $local_part@$domain"
      driver = redirect
      domains = +local_domains
      local_part_suffix = =*
      data = $local_part@$domain

Transports:

    remote_smtp_hash:
      debug_print = "T: remote_smtp_hash for $local_part@$domain"
      driver = smtp
      return_path = ${local_part:$sender_address}=$local_part=$domain=\
                    ${hmac{md5}{SECRET}\
                    {${local_part:$sender_address}=$local_part=$domain}}\
                    @$qualify_domain

Exim is smart enough to figger that the use of $local_part and $domain
in the transport means that no batching will be done. Thus, the
envelope-from address is unique for each recipient that receives the
message.
-tor
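
The signing and checking scheme from the message above, as an added Python example that is not part of the original post: it builds the same return-path format as the transport and applies the same test as the ACL (split the local part at the last "=", recompute the HMAC-MD5, compare). The secret, the addresses and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: stands in for the SECRET macro used in the Exim configuration.
SECRET = b"constructed-demo-secret"


def sign(data: str, secret: bytes = SECRET) -> str:
    """Lowercase hex HMAC-MD5, the form ${hmac{md5}{SECRET}{data}} expands to."""
    return hmac.new(secret, data.encode(), hashlib.md5).hexdigest()


def make_return_path(sender: str, recipient: str, qualify_domain: str) -> str:
    """Build <sender lp>=<rcpt lp>=<rcpt domain>=<signature>@<qualify_domain>."""
    sender_lp = sender.rsplit("@", 1)[0]
    rcpt_lp, rcpt_domain = recipient.rsplit("@", 1)
    data = f"{sender_lp}={rcpt_lp}={rcpt_domain}"
    return f"{data}={sign(data)}@{qualify_domain}"


def bounce_allowed(local_part: str, secret: bytes = SECRET) -> bool:
    """Mirror the ACL condition for a null-sender RCPT to a local domain.

    The ACL regex ^(.*)=.* is greedy, so $1 is everything before the
    last '='; the text after it must be the HMAC of $1.
    """
    data, sep, sig = local_part.rpartition("=")
    if not sep:
        return False  # no '=' at all: match{} fails and the ACL denies
    # Compare as bytes so non-ASCII input cannot raise, in constant time.
    return hmac.compare_digest(sig.encode(), sign(data, secret).encode())


if __name__ == "__main__":
    # Constructed addresses, following the example in the post.
    rp = make_return_path("tor@example.net", "exim-users@exim.org", "example.net")
    lp = rp.rsplit("@", 1)[0]
    print(rp)
    print("genuine bounce accepted:", bounce_allowed(lp))
    print("forged signature accepted:",
          bounce_allowed("tor=exim-users=exim.org=" + "0" * 32))
    print("unsigned local part accepted:", bounce_allowed("tor"))
```

Because the signed data contains no timestamp or counter, an address that has been seen once stays valid for bounces until SECRET is changed.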